tor-browser

The Tor Browser

nsContentSecurityUtils.h (4477B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 /* A namespace class for static content security utilities. */
      8 
      9 #ifndef nsContentSecurityUtils_h___
     10 #define nsContentSecurityUtils_h___
     11 
     12 #include <utility>
     13 
     14 #include "mozilla/Maybe.h"
     15 #include "nsStringFwd.h"
     16 
     17 struct JSContext;
     18 class nsIChannel;
     19 class nsIHttpChannel;
     20 class nsIPrincipal;
     21 class nsIURI;
     22 class NS_ConvertUTF8toUTF16;
     23 
     24 namespace mozilla::dom {
     25 class Document;
     26 class Element;
     27 }  // namespace mozilla::dom
     28 
        // Return type of nsContentSecurityUtils::FilenameToFilenameType: a pair of an
        // nsCString and an optional (mozilla::Maybe) nsCString.
        // NOTE(review): going by the alias name, `first` is presumably the filename
        // type and `second` the optional details -- confirm against the
        // implementation, which is not visible in this header.
     29 using FilenameTypeAndDetails = std::pair<nsCString, mozilla::Maybe<nsCString>>;
     30 
     31 class nsContentSecurityUtils {
     32 public:
     33  // CSP's upgrade-insecure-requests directive applies to same-origin top-level
     34  // navigations. Using the SOP would return false for the case when an https
     35  // page triggers an http page to load, even though that http page would be
     36  // upgraded to https later. Hence we have to use this custom function instead
     37  // of simply calling aTriggeringPrincipal->Equals(aResultPrincipal).
         // NOTE(review): this comparison is looser than Equals(), so it presumably
         // should not be reused as a general same-origin check -- confirm.
     38  static bool IsConsideredSameOriginForUIR(nsIPrincipal* aTriggeringPrincipal,
     39                                           nsIPrincipal* aResultPrincipal);
     40 
     41  // Check whether the scheme is trusted (for privileged code execution).
     42  // @returns true, iff the scheme is chrome:, resource: or moz-src:
     43  static bool IsTrustedScheme(nsIURI* aURI);
     44 
         // NOTE(review): no contract is documented for this function. Going by its
         // name and parameters, it presumably decides whether an eval() of aScript
         // may run for the calling principal -- confirm against the implementation
         // and state here whether a false return blocks the eval or only reports it.
     45  static bool IsEvalAllowed(JSContext* cx, bool aIsSystemPrincipal,
     46                            const nsAString& aScript);
         // NOTE(review): undocumented. The parameters identify a source location
         // (file name, window ID, line, column); presumably this reports an eval()
         // use at that location -- confirm where the report is sent.
     47  static void NotifyEvalUsage(bool aIsSystemPrincipal,
     48                              const nsACString& aFileName, uint64_t aWindowID,
     49                              uint32_t aLineNumber, uint32_t aColumnNumber);
     50 
     51  // Helper function for various checks:
     52  // This function detects profiles with userChrome.js or extension signatures
     53  // disabled. We can't/won't enforce strong security for people with those
     54  // hacks. The function will cache its result.
         // NOTE(review): returns void, so the cached result is read through some
         // other state that is not visible in this header. Since a positive
         // detection relaxes enforcement, name that state here.
     55  static void DetectJsHacks();
     56  // Helper function for detecting custom agent styles
     57  static void DetectCssHacks();
     58 
     59  // Helper function to query the HTTP Channel of a potential
     60  // multi-part channel. Mostly used for querying response headers
         // @param aHttpChannel out-parameter receiving the HTTP channel.
         // NOTE(review): whether *aHttpChannel can be null on a success return
         // (e.g. for a non-HTTP channel) is not stated here; callers should
         // null-check it until that is documented.
     61  static nsresult GetHttpChannelFromPotentialMultiPart(
     62      nsIChannel* aChannel, nsIHttpChannel** aHttpChannel);
     63 
     64  // Helper function which performs the following framing checks
     65  // * CSP frame-ancestors
     66  // * x-frame-options
     67  // If either of the two disallows framing, the channel will be cancelled.
     68  static void PerformCSPFrameAncestorAndXFOCheck(nsIChannel* aChannel);
     69 
     70  // Helper function which just checks if the channel violates any:
     71  // 1. CSP frame-ancestors properties
     72  // 2. x-frame-options
         // NOTE(review): the meaning of the return value is not stated (true =
         // framing allowed, or true = violation found?). Document it: an inverted
         // reading at a call site would fail open.
     73  static bool CheckCSPFrameAncestorAndXFO(nsIChannel* aChannel);
     74 
     75  // Implements https://w3c.github.io/webappsec-csp/#is-element-nonceable.
     76  //
     77  // Returns an empty nonce for elements without a nonce OR when a potential
     78  // dangling markup attack was detected.
         // Callers therefore cannot tell the two cases apart and must treat an
         // empty result as "no usable nonce".
     79  static nsString GetIsElementNonceableNonce(
     80      const mozilla::dom::Element& aElement);
     81 
     82  // Helper function to check whether a download is allowed.
         // NOTE(review): the result is a bare long; the set of possible values, and
         // which of them mean "blocked", is not visible in this header. Presumably
         // these are the download classification constants of nsITransfer --
         // confirm and name them here.
     83  static long ClassifyDownload(nsIChannel* aChannel);
     84 
     85  // Public only for testing
         // NOTE(review): the helpers below carry no documentation. For the char*
         // overloads of SmartFormatCrashString, ownership of the returned pointer
         // (who frees it, and with which deallocator) is not stated. format_string
         // is presumably a printf-style format; if so, callers should pass only
         // literals -- confirm.
     86  static FilenameTypeAndDetails FilenameToFilenameType(
     87      const nsACString& fileName, bool collectAdditionalExtensionData);
     88  static char* SmartFormatCrashString(const char* str);
     89  static char* SmartFormatCrashString(char* str);
     90  static nsCString SmartFormatCrashString(const char* part1, const char* part2,
     91                                          const char* format_string);
     92  static nsCString SmartFormatCrashString(char* part1, char* part2,
     93                                          const char* format_string);
     94 
         // Declared only when DEBUG is defined, so these assertions are absent from
         // non-debug builds and are not a runtime enforcement mechanism.
         // NOTE(review): by name they presumably assert that about: and chrome
         // documents carry a CSP -- confirm.
     95 #if defined(DEBUG)
     96  static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
     97  static void AssertChromePageHasCSP(mozilla::dom::Document* aDocument);
     98 #endif
     99 
         // NOTE(review): undocumented. ValidateScriptFilename presumably checks that
         // a script's file name is an expected one before the script runs; state
         // what a false return means for the caller (reject the load, or report
         // only?). GetVeryFirstUnexpectedScriptFilename writes its result to the
         // aFilename out-parameter; when that value is recorded is not visible here.
    100  static bool ValidateScriptFilename(JSContext* cx, const char* aFilename);
    101  static nsresult GetVeryFirstUnexpectedScriptFilename(nsACString& aFilename);
    102 
    103  // Helper function to post a message to the corresponding JS console
    104  static void LogMessageToConsole(nsIHttpChannel* aChannel, const char* aMsg);
    105 };
    106 
    107 #endif /* nsContentSecurityUtils_h___ */